CVE-2026-43992

Description

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

JunoClaw < 0.x.y-security-1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept: Log Sniffing Simulation
# This script demonstrates how the mnemonic appears in the JSON payload.

import json

# Simulating the vulnerable tool call payload generated by the LLM
vulnerable_payload = {
    "tool_name": "send_tokens",
    "arguments": {
        "recipient": "juno1xyz...",
        "amount": "1000ujunox",
        # VULNERABILITY: The mnemonic is passed in plain text
        "mnemonic": "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
    }
}

# Simulating logging the payload (which exposes the secret)
print("[LOG] Tool Call Payload:")
print(json.dumps(vulnerable_payload, indent=2))

# Output shows the clear text secret in logs
# Attacker view: Capture logs -> Extract "mnemonic" field -> Derive Private Key -> Steal Funds.

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-43992
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-43992
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-43992/
[4] VulDB https://vuldb.com/cve/CVE-2026-43992
[5] https://github.com/Dragonmonk111/junoclaw/commit/339701e
[6] https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1
[7] https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-43992", "sourceIdentifier": "[email protected]", "published": "2026-05-12T17:16:21.240", "lastModified": "2026-05-13T17:00:37.097", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-532"}]}], "references": [{"url": "https://github.com/Dragonmonk111/junoclaw/commit/339701e", "source": "[email protected]"}, {"url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1", "source": "[email protected]"}, {"url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48", "source": "[email protected]"}]}}